Ondrej Kozina
d4682b3b38
Cleanup translated messages id.
...
- minimize count of almost identical message ids
- unify style for some messages
- remove some useless messages
2019-06-27 10:23:42 +02:00
Ondrej Kozina
83c227d53c
Sync device using internal write enabled descriptor.
2019-05-10 21:05:31 +02:00
Ondrej Kozina
ee57b865b0
Reuse device file descriptors.
2019-05-10 21:05:31 +02:00
Ondrej Kozina
a7f80a2770
Add resilient LUKS2 reencryption library code.
2019-05-02 16:44:23 +02:00
Ondrej Kozina
304942302b
Introduce CRYPT_DEFAULT_SEGMENT abstraction.
...
Default segment is no longer constant segment with id 0.
2019-03-13 14:56:31 +01:00
Ondrej Kozina
868cc52415
Abort conversion to LUKS1 with incompatible sector size.
2019-03-05 17:08:05 +01:00
Milan Broz
a6f5ce8c7b
Update copyright year.
...
And unify name copyright format.
2019-01-25 09:45:57 +01:00
Milan Broz
1def60cd2c
Do not allow conversion to LUKS1 if hash algorithms differ (digest,AF).
2019-01-22 14:19:58 +01:00
Milan Broz
307a7ad077
Add keyslot encryption params.
...
This patch makes available LUKS2 per-keyslot encryption settings to user.
In LUKS2, keyslot can use different encryption than data.
We can use new crypt_keyslot_get_encryption and crypt_keyslot_set_encryption
API calls to set/get this encryption.
For cryptsetup new --keyslot-cipher and --keyslot-key-size options are added.
The default keyslot encryption algorithm (if cannot be derived from data encryption)
is now available as configure options (default is aes-xts-plain64 with 512-bits key).
NOTE: default was increased from 256-bits.
2019-01-07 13:07:46 +01:00
Milan Broz
0039834bb9
Rename function to describe precisely keys size it obtains.
...
This should avoid confusion between key size for the stored key and
key size that actually encrypts the keyslot.
2019-01-07 13:07:45 +01:00
Ondrej Kozina
82aae20e9c
Add json_object_object_add_by_uint helper routine.
2019-01-01 21:42:46 +01:00
Milan Broz
35fa5b7dfc
Propagate context in libdevmapper functions.
2018-11-27 14:47:50 +01:00
Milan Broz
7812214db6
Add context to device handling functions.
2018-11-27 14:19:57 +01:00
Milan Broz
a5a8467993
Use context in debug log messages.
...
To use per-context logging even for debug messages
we need to use the same macro as for error logging.
2018-11-27 13:37:20 +01:00
Milan Broz
1167e6b86f
Add support for Adiantum cipher mode.
2018-11-23 21:03:02 +01:00
Milan Broz
5be31bbce6
More warnings fixes.
2018-09-27 20:54:06 +02:00
Milan Broz
a6e3a31690
Workaround for some gcc8 warnings.
...
Some new string length checks are too clever now...
2018-09-27 13:25:52 +02:00
Milan Broz
69a844c654
Remove O_SYNC from device open and use fsync().
...
This speeds up wipe operation considerably.
2018-08-09 12:01:20 +02:00
Milan Broz
b00a87d8fa
Remove trailing EOL for verbose and error messages.
2018-04-26 10:38:17 +02:00
Milan Broz
e58883c183
Hide return code check for fallocate (that can silently fail in this context).
2018-04-26 09:55:31 +02:00
Milan Broz
487965dc8a
Fix LUKS convert on trimmed headers in file.
...
If last write in move area failed, the keyslot is in fact destroyed.
We need to at least ensure that the whole area is there
(so write fails only for hard errors).
2018-04-24 16:36:17 +02:00
Ondrej Kozina
6f6e1efbc8
Abort conversion when wrapped key cipher is used.
2018-04-15 15:40:48 +02:00
Ondrej Kozina
70077db07d
Abort conversion when LUKS2 header contains tokens.
...
Tokens may contain import 3rd party data. Prompt users
to remove such tokens explicitly.
2018-04-15 13:08:44 +02:00
Ondrej Kozina
eed682c529
Add fixme in luks2->luks1 convert code.
2018-04-15 13:05:22 +02:00
Ondrej Kozina
255c8e8ff4
Avoid pbkdf benchmark on LUKS2 header down conversion.
...
Also clarify use of placeholder keyslots in down conversion.
2018-04-12 15:49:35 +02:00
Milan Broz
23b01621ff
Print better debug message for open with write mode.
2018-04-10 15:33:30 +02:00
Milan Broz
f21ebaf839
Check LUKS2 conversion for luksmeta header.
...
We will reject upconversion if there is a luksmeta magic signature.
2018-04-10 14:54:35 +02:00
Milan Broz
f6f00b98a7
Always convert the whole last keyslot (including alignment).
2018-04-10 14:53:33 +02:00
Milan Broz
180d96234e
Fix another compiler warnings with extra flags.
2018-01-20 21:17:10 +01:00
Milan Broz
1fe014dbae
Update copyright year.
2018-01-20 17:55:21 +01:00
Ondrej Kozina
08e7c143b3
Add internal code for LUKS2 keyslot params.
...
This fixes crypt_keyslot_add_by_key where we were unable to store
keyslot (unbound to segment) with different key_size.
The code used (new) volume key size implicitly which could be wrong
if new size was not compatible with cipher parameter for keyslot area.
2018-01-19 13:48:09 +01:00
Milan Broz
f6e613a76f
Revert cipher requirement in parse cipher.
...
There are several specifications that violate this (chacha20 etc).
Just use the old way...
2018-01-18 22:42:34 +01:00
Milan Broz
aeea93fa95
Properly fail in luksFormat if cipher format is missing required IV.
...
For now, crypto API quietly used cipher without IV if a cipher
algorithm without IV specification was used (e.g. aes-xts).
This caused fail later during activation.
This patch allows only two specific backed use without specified IV
(ECB mode and NULL cipher).
Also check cipher string early during parsing of CLI options.
2018-01-18 21:20:25 +01:00
Yuri Chornoivan
982da4d20c
Fix minor typos
2018-01-04 09:13:58 +01:00
Ondrej Kozina
304bdd7d0d
luks2: add json_object_new_uint64 wrapper
...
json doesn't support 64 bits integers. We workaround it by storing
large numbers as string and validate the value internally.
2017-11-23 16:18:14 +01:00
Milan Broz
948006561a
Yet another fix for header strings.
2017-09-27 10:54:03 +02:00
Milan Broz
3ccbb8fe84
Fix some problems found by Coverity analysis.
2017-09-27 10:18:38 +02:00
Milan Broz
9f2727bb77
Add libLUKS2.
2017-09-24 19:50:12 +02:00